Probable security breach may have compromised thousands of Lewis-Palmer students’ data
Sherrie Pief reports:
Lewis-Palmer School District 38 officials are mum about the probability that a security breach related to its Infinite Campus platform may have compromised more than 2,000 students’ personal information.
Infinite Campus is a software program that stores personal and academic information about students in the district.
But wait… the district has known about a problem since September?
At a school board meeting on May 19th, a concerned parent asked the school board to fix the security breach immediately. The woman said district officials have known about the issue since the beginning of the school year.
And it gets worse:
After walking through the process with several students and parents using their accounts, Complete Colorado discovered that anyone could easily access the personal information of any student in the district, including names, addresses, and phone numbers for students, parents, siblings, and emergency contacts; schedules; attendance records; grades; locker numbers and combinations; transportation details, including where and when bus pickups take place; and health records.
Read more on The Complete Colorado.
I wonder if any parents have filed complaints with the U.S. Education Department under FERPA. There’s no way all that information is directory info and it certainly should be protected.
And for the district to claim they won’t confirm or deny the vulnerability but anyone who exploits it is a criminal, well… wow. Maybe if someone sued them they would have gotten off the dime faster and gotten this addressed?
Update: The district posted this message on its web site:
Protecting your student and family personal data is of utmost importance to LPSD.
Yesterday, we discovered a possible security breach through normal monitoring of IP addresses accessing our systems. It appears one individual with legitimate access to our system, using the student portal, may have accessed a few middle and high student IC accounts. The IP address for this individual was immediately blocked. The individual was unable to modify data or transfer data electronically. We will be contacting the parents of the students impacted. If you do not receive a call by the end of the day, you can assume your child’s account was not impacted.
We shut down student portal access to IC this morning. We apologize for the inconvenience this will cause. We had hoped to keep IC access for students up through June 1 so that they could view final grades. Unfortunately, due to this possible breach, grades must be accessed through the parent portal.
Additionally, Google accounts, where student user names could potentially be viewed, were shut down earlier this week. Accounts will be upgraded and security will be enhanced over the summer.
If you need assistance with your parent portal access please contact technology services at (719) 488-4700.